Microsoft Intune Integration

The integration between Microsoft Intune and Asset Panda streamlines device and asset tracking and management. Key fields and options include:

  • Device Type: Sync and import assets based on their specific type.

  • Device Configuration: Track devices as "Company Owned" or "Company Managed."

  • Asset Panda Management: Manage synced devices within Asset Panda for real-time updates and consistency.

The integration supports actions such as retiring devices (removing them from the system while retaining historical records), wiping data (without affecting Asset Panda), deleting devices (removing them from both Intune and Asset Panda), and remotely locking devices. This ensures smooth data synchronization and accurate asset management across both platforms.

To seamlessly integrate Microsoft Intune with Asset Panda and streamline your asset management process:

  1. Enable Microsoft Intune Integration: Connect your Microsoft Intune account to Asset Panda to fetch device data.

  2. Configure Asset Panda Integration: Map the Intune device data fields within Asset Panda for accurate synchronization.

  3. Sync Devices and Data: Sync your devices from Intune to Asset Panda, ensuring real-time updates and accurate tracking.

Prerequisites

Before integrating Microsoft Intune with Asset Panda, ensure the following requirements are in place:

  • An active Asset Panda subscription.

  • A Microsoft Azure Active Directory (AAD) deployment within your organization.

  • Administrator access to both Microsoft Azure and Asset Panda platforms.

  • Required permissions to register applications, generate secrets, and grant API access in Azure.

Note: It’s strongly recommended that one of the fields in Microsoft Intune contains unique values that directly match a corresponding field in Asset Panda. A common best practice is to use the Serial Number field as a unique match, assuming it’s already tracked and marked unique in Asset Panda. This prevents duplication by ensuring that synced devices update existing records instead of creating new ones. Additionally, ensure that the relevant collections and fields already exist in Asset Panda. If data is synced into a non-existent field, the integration may not be completed successfully.

Setting up Microsoft Intune in Azure

Register a New Application in Azure

  1. Open a web browser and go to Azure Portal.

  2. Sign in using your Azure administrator credentials.

  3. In the search bar at the top, type App Registrations and select it from the results.

  4. Click on + New Registration.

  5. Enter a name for your application (e.g., Intune Integration).

  6. Under Supported account types, select:

    • Accounts in this organizational directory only (Single tenant).

  7. Click Register to create the application.

Retrieve Required IDs

  1. After registration, go to the Application Overview page.

  2. Copy the following values for later use:

    • Application (Client) ID

    • Directory (Tenant) ID

    • Object ID

Generate Client Secret

  1. In the left-hand navigation menu, click Certificates & Secrets.

  2. Under the Client secrets section, click + New client secret.

  3. In the Description field, enter a name (e.g., Intune Secret).

  4. Under Expires, select a validity period (e.g., 6 months, 1 year, etc.).

  5. Click Add to generate the client secret.

  6. Copy the Value (not the Secret ID).

Warning: You will only see the secret value once. Store it safely for later use.

Assign API Permissions in Azure

  1. To allow integration with Intune, the application needs API permissions.

  2. Go back to the Azure Portal.

  3. In the left-hand menu, click API Permissions.

    • The default User.Read permission should already be listed.

  4. Click + Add a permission.

  5. In the Request API permissions window, select Microsoft Graph.

  6. Click Application Permissions.

  7. Expand DeviceManagementManagedDevices and select:

    • User.Read.All

    • Group.Read.All

    • DeviceManagementManagedDevices.PrivilegedOperations.All

    • DeviceManagementManagedDevices.ReadWrite.All

  8. Expand DeviceManagementApps and select:

    • DeviceManagementApps.Read.All

  9. Click Add Permissions.

Grant Admin Consent

  1. On the API Permissions page, click Grant admin consent for <your tenant name>.

  2. A confirmation dialog will appear—click Yes to proceed.

  3. Ensure that the Status column for all permissions now shows Granted.

  4. The following details will be required when setting up Asset Panda Integration with Microsoft Intune:

    • Application (Client) ID → Used as Client ID in Asset Panda.

    • Directory (Tenant) ID → Used as Tenant ID in Asset Panda.

    • Object ID → Used as Application Object ID in Asset Panda.

    • Client Secret (Value) → Used as Client Secret in Asset Panda.

Setting up Microsoft Intune in Asset Panda

  1. Log into Asset Panda. Go to Settings > Account Management.

  2. To proceed with the configuration, click Manage for the respective module.

  3. Open the Integrations Module for the desired account.

  4. Switch to the Integrations Store Tab.

  5. You need to authenticate Asset Panda with Microsoft Intune. To establish a secure connection, enter the required credentials: In the Microsoft Intune Integration section, enter the following details:

    • Client ID

    • Client Secret

    • Application Object ID

    • Tenant ID

Note: These details were copied during the Microsoft Intune Account Registration in Azure. Refer back to those values when entering them here.

  1. Click Test and Save Connection to verify authentication.

  2. Click Continue mapping.

Note: Before configuring field mapping, complete the initial setup by:

  • Providing a name for the mapping

  • Selecting the relevant Asset Panda collection to receive the data

  • Choosing the appropriate external entity from Microsoft Intune.

Configure Data Mapping and Filtering

During integration, Microsoft Intune fields must be mapped to corresponding Asset Panda fields to ensure accurate data synchronization. Proper mapping prevents duplication and ensures that device records are updated correctly within Asset Panda.

Understanding Unique Identifiers

A unique identifier is a field that remains constant for each record, ensuring accurate data syncing and preventing duplicates between Microsoft Intune and Asset Panda. Common examples include Intune Device ID or Serial Number, depending on the type of data being mapped.

Selecting the correct unique identifier is essential for accurate record matching. Use:

  • Intune Device ID for most environments, as it is system-assigned and consistent.

  • Serial Number if your organization tracks it as a unique field in Asset Panda and it is reliably populated.

Do not use fields like Device Name, User Email, or Compliance Status as unique identifiers, as they can change over time or may not be unique, leading to sync errors.

  1. In the Mapping section, locate the Microsoft Intune fields from Intune.

  2. Map the Asset Panda field from Microsoft Intune to the relevant column in your Asset Panda system.

  3. Click Save.

Info: Setting up an automation ensures data stays up to date by syncing records at scheduled intervals.

Microsoft Intune Fields and Mapping Guidance

Field Name
Description
Mapping & Filtering Guidance

Intune Device ID

A unique, system-assigned identifier for each Intune-managed device.

Recommended as the Unique Identifier for matching records.

Serial Number

Manufacturer-assigned serial number of the device.

Can be used as a Unique Identifier if consistently populated and marked unique in Asset Panda.

IMEI

Identifier for mobile/cellular devices.

Optional; applicable mainly to mobile devices. May be blank for desktops.

MEID

Alternate mobile device ID.

Similar use as IMEI. Use only if populated reliably.

Wi-Fi MAC

MAC address of the device's wireless interface.

Optional; may not be consistently available or unique.

EAS Device ID

Exchange ActiveSync identifier.

Typically used in Exchange environments only.

Device Name

User-assigned or system-generated device name.

Not suitable as a Unique Identifier. May change over time.

Primary User Name

Username of the device’s primary user.

Useful for reference; not for identity matching.

Primary User Email

Email of the device’s primary user.

Use for reporting; avoid using as a Unique Identifier.

User Display Name

Full name of the assigned user.

Display-only value. Not unique or stable.

User Principal Name (UPN)

Azure AD login name (e.g., [email protected]).

Good for user tracking. Not unique to the device.

User ID

Azure AD object ID of the user.

Tied to the user, not the device. Avoid for device-level identity.

Phone Number

Phone number linked to the device.

Often blank or reused. Not reliable for matching.

Ownership

Indicates if device is corporate or personal.

Use for filtering by ownership type.

Device Manufacturer

Brand/vendor of the hardware (e.g., Apple, Dell).

Use for categorization or filtering. Not unique.

Model

Device model (e.g., iPhone 13, Dell XPS).

Useful for classification. Not recommended for identity matching.

OS / OS Version

Operating system and version installed.

Use for grouping or reporting. Not a unique value.

Compliance

Device compliance status based on Intune policies.

Use for filtering compliant vs non-compliant devices.

Category

Custom label defined in Intune.

Optional metadata; use as needed for filtering.

Device Enrollment Type

Method used for enrollment (e.g., manual, automatic).

Use for filtering enrollment method.

Device Registration State

Registration status in Entra ID.

Informational. Do not use for identity.

Management Agent

Agent type used to manage the device.

Use for internal classification.

Microsoft Entra Registered

Indicates if device is registered in Microsoft Entra ID.

Boolean value; not suitable as Unique Identifier.

Partner Threat State

Threat level reported from partner solutions.

Use for security reporting; not identity.

Encrypted / Supervised / Jailbroken

Security posture indicators.

Use for compliance visibility. Not identity fields.

EAS Activation Date

Date when Exchange ActiveSync was activated.

Timestamp field. Not stable.

Free / Total Storage Space

Storage metrics in bytes.

Volatile fields. Use for reporting only.

Last Successful Sync Date

Timestamp of last successful sync with Intune.

Changing value. Do not use for matching.

PreviousKandji IntegrationNextRecord Management

Last updated